High Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (2.2.7)	CWE-79	CWE-79	High
WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.0.10)	CWE-79	CWE-79	High
WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.1.6)	CWE-79	CWE-79	High
WordPress Plugin McAvoy Cross-Site Scripting (0.1.0)	CWE-79	CWE-79	High
WordPress Plugin MContact Button includes Backdoor [Only if downloaded via the vendor website] (2.0.6)	CVE-2021-24867 CWE-912	CWE-912	High
WordPress Plugin MDC Private Message Cross-Site Scripting (1.0.0)	CVE-2015-6805 CWE-79	CWE-79	High
WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)	CVE-2015-5469 CWE-22	CWE-22	High
WordPress Plugin MDTF-Wordpress Meta Data & Taxonomies Filter Cross-Site Request Forgery (2.2.7.2)	CVE-2021-20781 CWE-352	CWE-352	High
WordPress Plugin MediaElement.js-HTML5 Video & Audio Player Cross-Site Scripting (4.2.8)	CVE-2022-4699 CWE-79	CWE-79	High
WordPress Plugin Media File Manager Advanced Multiple Vulnerabilities (1.1.5)	CWE-79 CWE-89 CWE-264	CWE-79 CWE-89 CWE-264	High
WordPress Plugin Media File Manager Multiple Vulnerabilities (1.4.2)	CWE-22 CWE-73 CWE-79	CWE-22 CWE-73 CWE-79	High
WordPress Plugin Media File Renamer-Auto & Manual Rename Cross-Site Request Forgery (5.2.5)	CVE-2021-36850 CWE-352	CWE-352	High
WordPress Plugin Media File Renamer-Auto & Manual Rename Cross-Site Scripting (1.7.0)	CVE-2014-2040 CWE-79	CWE-79	High
WordPress Plugin Media from FTP Cross-Site Scripting (9.89)	CWE-79	CWE-79	High
WordPress Plugin Media from FTP Directory Traversal (9.85)	CVE-2018-5310 CWE-22	CWE-22	High
WordPress Plugin Media from FTP PHP Object Injection (9.79)	CWE-915	CWE-915	High
WordPress Plugin Media Library Assistant Information Disclosure (3.00)	CVE-2022-41618 CWE-200	CWE-200	High
WordPress Plugin Media Library Assistant Multiple Cross-Site Scripting Vulnerabilities (2.73)	CWE-79	CWE-79	High
WordPress Plugin Media Library Assistant Multiple Vulnerabilities (2.65)	CWE-73 CWE-538	CWE-73 CWE-538	High
WordPress Plugin Media Library Assistant Multiple Vulnerabilities (2.81)	CVE-2020-11731 CVE-2020-11732 CVE-2020-11928 CWE-22 CWE-79 CWE-94	CWE-22 CWE-79 CWE-94	High
WordPress Plugin Media Library Assistant PHP Object Injection (2.60)	CWE-915	CWE-915	High
WordPress Plugin Media Library Assistant SQL Injection (2.84)	CWE-89	CWE-89	High
WordPress Plugin Media Library Assistant SQL Injection (3.05)	CVE-2023-0279 CWE-89	CWE-89	High
WordPress Plugin Media Library Categories 'termid' Parameter SQL Injection (1.0.6)	CWE-89	CWE-89	High
WordPress Plugin Media Library Categories Multiple Cross-Site Scripting Vulnerabilities (1.1.1)	CVE-2012-6630 CWE-79	CWE-79	High
WordPress Plugin Media Mirror Cross-Site Scripting (1.0.6)	CVE-2021-24435 CWE-79	CWE-79	High
WordPress Plugin MediaPress Security Bypass (1.1.9)	CWE-264	CWE-264	High
WordPress Plugin MediaRSS external gallery TimThumb Arbitrary File Upload (0.1)	CVE-2011-4106 CWE-20	CWE-20	High
WordPress Plugin Media Search Enhanced SQL Injection (0.6.0)	CWE-89	CWE-89	High
WordPress Plugin Media Tags Cross-Site Scripting (3.2.0.2)	CVE-2021-24899 CWE-79	CWE-79	High
WordPress Plugin Media Tagz Gallery Multiple Unspecified Vulnerabilities (1.0)			High
WordPress Plugin Media Usage Cross-Site Scripting (0.0.4)	CVE-2021-34652 CWE-79	CWE-79	High
WordPress Plugin Mega Menu for WordPress-AP Mega Menu includes Backdoor [Only if downloaded via the vendor website] (3.0.5)	CVE-2021-24867 CWE-912	CWE-912	High
WordPress Plugin MegaOptim Image Optimizer Unspecified Vulnerability (1.3.2)			High
WordPress Plugin Meks Easy Social Share Cross-Site Scripting (1.2.7)	CVE-2022-2574 CWE-79	CWE-79	High
WordPress Plugin Meks Flexible Shortcodes Cross-Site Scripting (1.3.4)	CVE-2022-4562 CWE-79	CWE-79	High
WordPress Plugin Member Approval Cross-Site Request Forgery (131109)	CVE-2014-3850 CWE-352	CWE-352	High
WordPress Plugin Membership & Content Restriction-Paid Member Subscriptions Multiple Unspecified Vulnerabilities (1.4.0)			High
WordPress Plugin Membership & Content Restriction-Paid Member Subscriptions Multiple Vulnerabilities (2.4.1)	CWE-79 CWE-89	CWE-79 CWE-89	High
WordPress Plugin Membership 2 Unspecified Vulnerability (4.0.0.2)			High
WordPress Plugin Membership by Supsystic SQL Injection (1.4.7)	CWE-89	CWE-89	High
WordPress Plugin Membership For WooCommerce-Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members with WooCommerce Membership Arbitrary File Upload (2.1.6)	CVE-2022-4395 CWE-434	CWE-434	High
WordPress Plugin Membership Simplified Arbitrary File Download (1.58)	CVE-2017-1002008 CWE-538	CWE-538	High
WordPress Plugin Membership Simplified Multiple SQL Injection Vulnerabilities (1.58)	CVE-2017-1002009 CVE-2017-1002010 CWE-89	CWE-89	High
WordPress Plugin Members Import Cross-Site Request Forgery (1.3)	CWE-352	CWE-352	High
WordPress Plugin Members Import Cross-Site Scripting (1.4.2)	CVE-2022-4663 CWE-79	CWE-79	High
WordPress Plugin MemberSonic Lite Security Bypass (1.2)	CWE-287	CWE-287	High
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)	CWE-538	CWE-538	High
WordPress Plugin Memphis Documents Library Cross-Site Request Forgery (3.9.20)	CWE-352	CWE-352	High
WordPress Plugin Memphis Documents Library Multiple Unspecified Vulnerabilities (3.6.21)			High
WordPress Plugin Menu Creator 'updateSortOrder.php' SQL Injection (1.1.7)	CWE-89	CWE-89	High
WordPress Plugin Menu Image Malware/Addware Notification (2.6.9)	CWE-506	CWE-506	High
WordPress Plugin Menu Swapper Cross-Site Request Forgery (1.1.0.2)	CWE-352	CWE-352	High
WordPress Plugin Meow Gallery (+ Gallery Block) Security Bypass (4.1.9)	CWE-264	CWE-264	High
WordPress Plugin Meow Gallery (+ Gallery Block) SQL Injection (4.1.8)	CVE-2021-24465 CWE-89	CWE-89	High
WordPress Plugin Merge+Minify+Refresh Cross-Site Request Forgery (1.10.6)	CWE-352	CWE-352	High
WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Deletion (4.16.2)	CVE-2019-14793 CWE-73	CWE-73	High
WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Upload (4.16.1)	CVE-2019-14794 CWE-434	CWE-434	High
WordPress Plugin Meta Slider and Carousel with Lightbox Cross-Site Request Forgery (1.6.2)	CVE-2023-25703 CWE-352	CWE-352	High
WordPress Plugin MetaSlider Cross-Site Scripting (2.6.2)	CVE-2014-4846 CWE-79	CWE-79	High
WordPress Plugin MetaSlider Cross-Site Scripting (3.17.1)	CWE-79	CWE-79	High
WordPress Plugin MetaSlider Information Disclosure (3.3.1)	CWE-200	CWE-200	High
WordPress Plugin Meteor Slides Cross-Site Scripting (1.5.6)	CVE-2022-4486 CWE-79	CWE-79	High
WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Cross-Site Scripting (3.1.2)	CVE-2023-0084 CWE-79	CWE-79	High
WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)	CVE-2022-1442 CWE-200	CWE-200	High
WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Security Bypass (3.2.1)	CVE-2023-0085 CWE-358	CWE-358	High
WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Security Bypass (3.3.0)	CVE-2023-1843 CWE-862	CWE-862	High
WordPress Plugin Metronet Tag Manager Cross-Site Request Forgery (1.2.7)	CWE-352	CWE-352	High
WordPress Plugin MF Gig Calendar 'page_id' Parameter Cross-Site Scripting (0.9.4.1)	CVE-2012-4242 CWE-79	CWE-79	High
WordPress Plugin MF Gig Calendar Cross-Site Scripting (1.1)	CVE-2021-24510 CWE-79	CWE-79	High
WordPress Plugin Microblog Poster SQL Injection (1.6.0)	CWE-89	CWE-89	High
WordPress Plugin Microblog Poster SQL Injection (1.6.1)	CWE-89	CWE-89	High
WordPress Plugin MicroCopy SQL Injection (1.1.0)	CVE-2021-24397 CWE-89	CWE-89	High
WordPress Plugin Migration, Backup, Staging-WPvivid Arbitrary File Deletion (0.9.76)	CWE-22	CWE-22	High
WordPress Plugin Migration, Backup, Staging-WPvivid Cross-Site Scripting (0.9.55)	CWE-79	CWE-79	High